Add to collection(s) Add to saved
  1. Business
  2. Management

Truman Hybrid Entity Policy

advertisement 
POLICY TITLE
HIPAA Privacy - Hybrid Entity Policy; Designation of Truman as a Hybrid Entity
POLICY PURPOSE
To define Truman State University as one legal entity, specifically a hybrid entity, and identify Truman’s health care
components, in accordance with the privacy and security regulations (the “Privacy and Security Standards”) promulgated
pursuant to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information
Technology for Economic and Clinical Health Act of 2009 (the “HITECH Act”). This Hybrid Entity Policy specifically
addresses the requirements of 45 C.F.R. §§ 164.103 and 164.105.
APPLIES TO The requirements of HIPAA apply to the units of Truman included within the definition of Hybrid Entity.
CONTENTS
HIPAA Background
Truman Health Care Component Designation
POLICY STATEMENT
HIPAA Background
A. A legal entity that performs both covered and non-covered functions may designate itself as a hybrid entity under
HIPAA. A hybrid entity may exclude from its covered entity status the following non-covered functions: (1) non-health
care components of the organization (e.g., the university’s academic programs), and/or (2) health care components of
the facility that do not engage in electronic records/transactions for any of the approved HIPAA transactions (i.e.,
transactions associated with billing, payment, or insurance plan coverage/enrollment), and/or (3) health care
components of the facility that treat current students only and are subject to the Federal Educational Rights and
Privacy Act (FERPA). All covered health care components of the designating legal entity must comply with HIPAA.
B. A hybrid entity also may include a non-covered health care provider in its health care component, but if it does so,
such non-covered health care component must comply with HIPAA. Additionally, a hybrid entity has the discretion as
to whether or not to include business associate-like divisions within the health care component.
C. A hybrid entity must designate as part of its covered functions any component that would meet the definition of a
covered entity if it were a separate legal entity. For example, a health clinic that performs covered functions and that
conducts covered transactions electronically (e.g., electronic claim submission) must be designated as a health care
component of the facility, and will be subject to the Privacy and Security Standards.
D. Truman has designated itself a hybrid entity in accordance with 45 C.F.R. §§ 164.103 and 164.105.
Truman Health Care Component Designation
Truman State University’s primary mission is not to provide health care, and is permitted to designate itself as a Hybrid
Entity. This means that the HIPAA Privacy Rule applies only to those parts of the University, that, if standing alone, would
be a Covered Entity. As a Hybrid Entity, Truman must identify in writing its health care components.
Truman designates the following as health care components included in the Hybrid Entity:

Human Resources Health Plans (Aetna, Delta Dental, Flexible Spending Account)
The following are also designated as part of the Hybrid Entity to the extent that they perform activities that would make
them Business Associates of one of the above health care components if they were separate entities:

Business Office and Payroll personnel assigned to health care component payroll operations

Information Technology Services personnel assigned to the Truman health care components
Business Associates – Separate entities performing activities for one of the above health care components:

Cigna Employee Assistance Program (Human Resources)
NOTE: Though Truman State University Student Health Center and University Counseling Services are subject to the
Federal Educational Rights and Privacy Act (FERPA) and not HIPAA Privacy or Security Rules, they may do business
with associates who are compelled to comply with HIPAA Privacy and Security Rules. Business Associate Agreements
shall be secured noting the HIPAA Privacy/Security Rules expectations for said Business Associates when required.
Whenever University policies, procedures or guidelines refer to Truman as a covered entity under HIPAA, they are
referring to the units listed above. The requirements of HIPAA apply only to the units of Truman included within the
Hybrid Entity.
The above listed units may not use or disclose health information that they create or receive from, or on behalf of, the
health care component in a way prohibited by HIPAA.
Although workforce members of the Hybrid Entity perform duties for both the health care components and for other
components of the University, they must not use or disclose PHI created or received in the course of the members’ work
for the health care component in a way prohibited by HIPAA.
EXCLUSIONS OR SPECIAL CIRCUMSTANCES:
Any exceptions to this Policy must be approved in writing by the President.
CONSEQUENCES:
By failing to abide by this policy or policy procedures, individuals may be subject to sanctions, up to and including
disciplinary action, suspension, termination of employment, dismissal from the University, and legal action. Some
violations may constitute criminal offenses under local, state, and federal laws. The University will carry out its
responsibility to report such violations to the appropriate authorities.
CONTACTS:
Responsible Executive:
President
APPROVED BY:
Truman State University President
APPROVED ON:
2013/10/10
REVIEW/CHANGE HISTORY:
REVIEW CYCLE:
Annual
DEFINITIONS
A. Covered function – Those functions of a covered entity the performance of which makes the entity a health plan,
health care provider, or health care clearinghouse.
B. Hybrid entity – A single legal entity:
1. That is a covered entity;
2. Whose business activities include both covered and non-covered functions; and
3. That designates its health care components, documents the designation and establishes appropriate firewalls in
accordance with HIPAA between covered and non-covered functions.
C. Health care component – A component or combination of components of a hybrid entity designated by the hybrid
entity in accordance with 45 C.F.R. 164.105(a)(2)(iii)(C).
D. Current Students – “Current Students” are defined as those students currently attending Truman State University
classes or students who are continually enrolled (i.e., having completed one semester and enrolled in an upcoming
semester or coursework).
RELATED DOCUMENTS
 45 C.F.R. §§ 164.103, 164.105
Related documents
1 The best definition of an accounting system is: a Journals, ledgers
1 The best definition of an accounting system is: a Journals, ledgers
Legal Aspects of Electronic Communication
Legal Aspects of Electronic Communication
Assumptions on our ER diagram
Assumptions on our ER diagram
Systems Analysis and Design Sergey V. Samoilenko
Systems Analysis and Design Sergey V. Samoilenko
identifying and assessing the risks of material misstatement
identifying and assessing the risks of material misstatement
APB Opinion #22 (paragraphs 12 and 13)
APB Opinion #22 (paragraphs 12 and 13)
Understanding HIPAA Compliance
Understanding HIPAA Compliance
Events that may indicate going concern
Events that may indicate going concern
Download
advertisement